﻿using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;
using System.Web;

namespace scmsByAspdNet.cotro.login {
  /// <summary>
  /// forLogin 的摘要说明
  /// </summary>
  public class forLogin : IHttpHandler {

    //登录功能
    //接受
    //uname 用户名
    //pd 密码
    //isSave 是否保存密码
    public void ProcessRequest(HttpContext context) {
      //数据处理
      var cooki = context.Request.Cookies.Get("token");
      //string token = cooki == null ? null : cooki.Value;
      string token= null;
      string indiv_id = context.Request["indiv_id"], pd = context.Request["pd"], isSave = context.Request["isSave"];
      //数据库
      SqlConnection conn = new SqlConnection("Data Source=106.54.69.143;database=scms;uid=sa;pwd=Aspdotnet666");
      conn.Open();
      //声明返回的数据
      string ret = "";
      if (token != null) {
        try {
          //创建SQL命令
          SqlCommand cmd = new SqlCommand("select indiv_id,pwd,role from sc_indiv_info where token='" + token + "';", conn);
          //执行SQL命令
          cmd.ExecuteNonQuery();
          //获取SqlDataReader
          SqlDataReader reader = cmd.ExecuteReader();
          if (reader.Read()) {
            if (isSave == "true") {
              //生成token，暂时只从数据库中获取
              ret = $"{{\"code\":1,\"indiv_id\":{reader[0].ToString()},\"role\":{reader[2].ToString()}}}";
            } else {
              ret = $"{{\"code\":1,\"indiv_id\":{reader[0].ToString()},\"role\":{reader[2].ToString()}}}";
            }
          } else {
            //用户不存在
            ret = "{\"code\":-1,\"msg\":\"未找到该用户\"}";
          }
        } catch (Exception e) {
          //访问数据库失败
          ret = "{\"code\":-1,\"msg\":\"访问数据库失败，请联系服务器管理员\"}";
        }
      } else {
        try {
          //创建SQL命令
          SqlCommand cmd = new SqlCommand("select indiv_id,pwd,token,role from sc_indiv_info where indiv_id='" + indiv_id + "';", conn);
          //执行SQL命令
          cmd.ExecuteNonQuery();
          //获取SqlDataReader
          SqlDataReader reader = cmd.ExecuteReader();
          //判断是否存在用户
          if (reader.Read()) {
            //用户存在继续判断密码是否正确
            if (reader[1].ToString() == pd) {
              //密码正确，继续判断是否需要自动登录
              if (isSave == "true") {
                //生成token，暂时只从数据库中获取
                ret = $"{{\"code\":1,\"indiv_id\":{reader[0].ToString()},\"role\":{reader[3].ToString()}}}";
                var cookie = new HttpCookie("token");
                cookie.Value = reader[2].ToString();
                context.Response.Cookies.Set(cookie);
              } else {
                ret = $"{{\"code\":1,\"indiv_id\":{reader[0].ToString()},\"role\":{reader[3].ToString()}}}";
              }
            } else {
              //密码错误
              ret = "{\"code\":-1,\"msg\":\"密码错误\"}";
            }
          } else {
            //用户不存在
            ret = "{\"code\":-1,\"msg\":\"未找到该用户\"}";
          }
        } catch (Exception e) {
          //访问数据库失败
          ret = "{\"code\":-1,\"msg\":\"访问数据库失败，请联系服务器管理员\"}";
        }
      }
      conn.Close();
      //返回数据
      context.Response.StatusCode = 200;
      context.Response.Write(ret);
    }

    public bool IsReusable {
      get {
        return false;
      }
    }
  }
}